We have completed the upgrade of IEOC! All posts, comments and user profiles have been migrated. For security reasons, we have reset all passwords. To set a new password please Click Here. Further updates soon to follow.

10.23 MQC Class-Based GTS and CBWFQ

class-map 

 match protocol http

 

vs

 

class-map

 match access-group name WHY_USE_EXTENDED_ACL_TO_MATCH_ANY_HTTP_TRAFFIC

 

There is not an explicit requirement for where http traffic is originating from. Are both correct, or is there a reason for the extended ACL?  

Comments

  • There is not an explicit requirement for where http traffic is originating from. Are both correct, or is there a reason for the extended ACL?  

    Standard ACL doesn't inspect port numbers(Layer 4 header). So, you need to have extended ACL configured. 

    HTH

  • The question concerns matching based on protocol type in the class-map vs. matching based on an extended ACL in a class map for the particular lab.

     

    I never mentioned standard ACL's.

  • The difference is performance.

    If you use "match protocol", the router has to inspect upper layers of the packet to discover what protocol is on the packet. Also,  ACL may be quickly processed on ASICs but protocol inspection is processed on router´s CPU.

     

    PRoque

  • In the exam would you use and ACL or match protocols if both options seem viable?

Sign In or Register to comment.